Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1501
  • Last Modified:

Session handling in Pop up jsps

Working in Java/Jsp arch. I have two levels of Pop ups (invoked using showModalDialog() method of javascript) coming up from a parent browser window. Should I handle anything special for keeping all these modal dialogs to be in same session? Because, during debug, the session id is differing when new pop up is opened and the data stored by Parent session is not accessible from child. Is that there something I'm missing?
0
prabudoss
Asked:
prabudoss
  • 4
  • 3
  • 3
  • +2
2 Solutions
 
allahabadCommented:
Are you using url rewrite to maintain session ?
If you are using url rewrite to maintain session, your session will be different for the new window, however, if you use cookies, same session  will be maintained by the server when new window in opened.
0
 
kennethxuCommented:
1. you must enable cookie in your browser unless you opt for url rewrite for session control.
2. if you use url rewrite, you must pass all your url through response.encodeURL().
3. make sure you test your app on IE or NS, don't do it from IDE, because some IDE integrated browsers have problem to handle cookies in different windows.
0
 
prabudossAuthor Commented:
I'm amateur in this area. I'm using session like this

in doGet,
HttpSession thisSession = aRequest.getSession();

then to store data in session
thisSession.setAttribute(xxx, data);

to retrive from session,
httpsession.getAttribute("xxx");


This is what I have in jsp regarding cache.
<%
     
     response.setHeader("Cache-Control", "no-Cache");
     response.setHeader("Pragma", "No-cache");
     response.setDateHeader("Expires", 0);
%>

Anything alarming you?
0
Enhanced Intelligibility Without Cable Clutter

Challenge: The ESA office in Brussels wanted a reliable audio conference system for video conferences. Their requirement - No participant must be left out from the conference and the audio quality must not be compromised.

 
cheekycjCommented:
how do you know the session ID is different?

Are you outputting it or just not seeing your vars set?

CJ
0
 
prabudossAuthor Commented:
I basically store this session object in a map in a helper class and use that helper class to talk to session object in rest of the application. I step through the code and I got that session id is differing and also my values whatever I stored in Parent is missing. Below is the values I got in one of the Parent

SessionObject=
Session Object Internals:
id : X3BQETYAAAAANQFILOHH2EY
hashCode : 14371
create time : Wed Mar 05 23:07:54 GMT+05:30 2003
last access : Wed Mar 05 23:08:24 GMT+05:30 2003
max inactive interval : 1800
user name : anonymous
valid session : true
new session : false
session active : true
overflowed : false
session application parameters : com.ibm.servlet.personalization.sessiontracking.SessionApplicationParameters@1be
session tracking epm app data : com.ibm.servlet.personalization.sessiontracking.SessionTrackingEPMApplicationData@4024
enable epm : true
non-serializable app specific session data : {}
serializable app specific session data : {LogonUser=User@78b, OrderAsUser=User@4e38, TransactionObject=OrderTransactionData@49a5}

session data list : Session Data List ->  id : X3BQETYAAAAANQFILOHH2EY next : LRU prev : MRU


and when I'm in first level of Pop up and got session object and got same id "X3BQETYAAAAANQFILOHH2EY" as in parent but when I opened second level of Pop up (using showModalDialog()) this id was differing and I could not see any app specific data.
0
 
cheekycjCommented:
the second level popup is a page in the same application?

CJ
0
 
kennethxuCommented:
could you please try this test jsp and let us know the result? it will show if you get the same session or not.

<HTML>
Session ID: <%= session.getId() %> <p>
Cookies:
<script>
document.write(document.cookie);
</script>
<p>
<%
    if( request.getParameter( "test" ) == null ) {
         session.setAttribute( "test", "Test string in session" );
    } else {
         out.println( "Attribute: " + session.getAttribute( "test" ) + "<p>" );
    }
%>
<a href="?test" target="new">new window</a>
</HTML>
0
 
prabudossAuthor Commented:
I tried to use the test jsp. This problem is somewhat not consistently occuring. Sometimes I could get the same session across the children Pop ups. But few times the session id varies. May be VAJ test env has something to with this. Any idea of this?
0
 
kennethxuCommented:
>> May be VAJ test env has something to with this

Yes, I have heard similar problem been reported for other tools as well as VAJ.

Try to use IE or NS connect to real server.
0
 
cheekycjCommented:
yes use a regular browser.

a popup in VAJ maybe opening a new browser session (new instance of the browser) rather than a new browser window (within the same session)

CJ
0
 
kennethxuCommented:
do you still have this problem when you use IE?
0
 
girionisCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

- Split points between kennethxu and cheekycj

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

girionis
EE Cleanup Volunteer
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 4
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now